Scan Report
5 /100
binance-alert
Binance smart alert system for price/change alerts, new listings, Alpha airdrop opportunities, and HODLer announcements via Telegram
Legitimate Binance alert tool using only standard library, public Binance APIs, and Telegram for notifications with no credential exfiltration or malicious behavior detected.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Scripts/read:23-24 ENV_FILE and STATE_FILE paths declared |
| Filesystem | WRITE | WRITE | ✓ Aligned | Scripts/read:62 STATE_FILE.write_text() for state persistence |
| Network | READ | READ | ✓ Aligned | Scripts/read:30-35 http_get() to Binance public APIs |
| Network | WRITE | WRITE | ✓ Aligned | Scripts/read:40-47 http_post() to Telegram API for notifications |
| Environment | READ | READ | ✓ Aligned | Scripts/read:23-25 Reads TG_BOT_TOKEN, TG_CHAT_ID from env |
| Shell | NONE | NONE | — | No subprocess or shell execution in code |
| Skill Invoke | NONE | NONE | — | No skill_invoke usage |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
4 findings
Medium External URL 外部 URL
https://api.binance.com scripts/binance_alert.py:24 Medium External URL 外部 URL
https://web3.binance.com scripts/binance_alert.py:25 Medium External URL 外部 URL
https://www.binance.com scripts/binance_alert.py:26 Medium External URL 外部 URL
https://api.telegram.org/bot scripts/binance_alert.py:78 File Tree
3 files · 21.1 KB · 511 lines Python 1f · 427L
Markdown 1f · 80L
JSON 1f · 4L
├─
▾
scripts
│ └─
binance_alert.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (urllib, json, gzip, hashlib) - no external dependencies
✓ Only accesses public Binance APIs - no API key required or used
✓ Telegram credentials (TG_BOT_TOKEN) used only for sending notifications, not exfiltrated
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ State persistence is local to /data/freqtrade/user_data/
✓ Code is well-commented and transparent in its operations
✓ Hardcoded paths declared in both SKILL.md and code comments